Payment vehicles, such as credit and debit cards, are used in a variety of purchase transactions. For this purpose, each such payment vehicle is provided with a number of credentials including cardholder's name, a card number, expiry date, card verification code (CVC) or card verification value (CVV), and signature. Most cards also include a magnetic stripe into which those credentials are encoded.
When making purchases in-store, the payment vehicle will typically be swiped through a magnetic card reader. The reader reads the encoded credentials from the magnetic stripe, sends them to a card issuer for verification, the card issuer decodes the credentials and cross-references them against a database of cardholder accounts to locate a specific cardholder account. If there are sufficient available funds in the cardholder account to complete the transaction then the payment vehicle is approved for making the transaction. After such approval from the issuer, the cardholder verifies they are the party to whom the payment vehicle belongs by either providing their signature or entering a personal identification number (PIN) into a point-of-sale (POS) terminal.
When making online purchases, a cardholder will enter payment vehicle credentials into a payment gateway or similar. The payment gateway or similar then submits the credentials for verification using the same process as outlined above for in-store purchases. Since the user does not provide a PIN or signature, no information is required other than that which can be ascertained by simple visual inspection of the payment vehicle. Moreover, since the magnetic stripe is not read from the card during online transactions, the payment vehicle need not be physically present when the transaction is made. Thus, a third party having previously acquired the payment vehicle credentials can enter those credentials into a payment gateway or similar, and thereby make fraudulent transactions using the payment vehicle.
It is desirable, therefore, that there be provided a payment vehicle for use in-store, from which payment vehicle credentials cannot be derived for the purpose of making online purchases without the payment vehicle being present.